System Administration Guide: Security Services

Procedure: How to Change the Password of a Role

Before You Begin

You must have assumed a role that includes the User Security profile or have switched to superuser. You cannot be in the role whose password you want to change. A role cannot change its own password.

  1. Use one of the following methods to change a role's password.

    • As superuser or in a role that includes the User Security rights profile, run the passwd command.


      $ passwd -r naming-service target-rolename
      
      -r naming-service

      Applies the password change to one of the following repositories: files, nis, nisplus, or ldap. If a repository is not specified, the password is changed in files.

      target-rolename

      Is the name of an existing role that you want to modify.

      For more command options, see the passwd(1) man page.

    • Change the password in the Solaris Management Console.

      To start the console, see How to Assume a Role in the Solaris Management Console.

      1. Log in to the console as superuser or in a role that includes the User Security rights profile.

        The login role cannot be the target role.

      2. Choose the appropriate scope.

        The Files scope modifies the role password on the local system. The LDAP scope modifies the role password in the LDAP naming service.

      3. Navigate to Administrative Roles and follow the instructions in the left-hand pane.

        For more extensive information, see the online help.

    • As superuser or in a role that includes the User Security rights profile, run the smrole command with the modify subcommand.

      This command runs as a client of the Solaris Management Console server.


      $ /usr/sadm/bin/smrole -D domain-name -r admin-role -l <Type admin-role password> \
      modify -- -n target-rolename  -P password
      
      -D domain-name

      Is the name of the domain that you want to manage.

      -r admin-role

      Is the name of the administrative role that can modify the target role. The administrative role must have the solaris.admin.usermgr.pswd authorization. The administrative role and the target role cannot be the same role.

      -l

      Is the prompt for the password of admin-role.

      --

      Is the required separator between authentication options and subcommand options.

      -n target-rolename

      Is the name of the target role.

      -P password

      Is the new password for target-rolename.

      For the full list of command options, see the smrole(1M) man page.


Example 9–13 Changing a Local Role's Password With the passwd Command

In this example, superuser changes the password of the local operadm role.


# passwd -r files operadm
New password: Type new password
Re-enter new password: Retype new password


Example 9–14 Changing a Role's Password in an LDAP Repository

In this example, the Primary Administrator role changes the password of the operadm role in the LDAP directory service.


$ passwd -r ldap operadm
New password: Type new password
Re-enter new password: Retype new password


Example 9–15 Changing a Role's Password With the smrole modify Command

In this example, the administrator contacts the Solaris Management Console server to change the operadm password in the NIS domain. When the administrator does not provide the password before pressing the Return key, the New Password: prompt appears.


$ /usr/sadm/bin/smrole -D nis:/examplehost/example.domain \
-r primaryadm -l <Type primaryadm password> \
modify -- -n operadm -P Press the Return key
New Password: a!2@3#4$5%6*7
$
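
Example 9–15 leaves the value after -P empty so that the new password is typed at the New Password: prompt. A value typed after -P becomes part of the command line, where shell history and process listings can record it. The following check is an added example, not part of the original guide: it scans command lines for smrole invocations that pass a literal after -P and masks the value in its report. The function names and the sample history lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the guide): flag smrole invocations that carry the
# new role password as a -P argument instead of using the New Password: prompt.

# Reads one command line per input line. For each smrole invocation that has
# a token after -P (following the "--" separator), prints
# "line-number: command" with that token masked.
flag_smrole_cli_passwords() {
    awk '
    {
        is_smrole = 0; after_sep = 0; hit = 0
        for (i = 1; i <= NF; i++) {
            if ($i ~ /(^|\/)smrole$/) is_smrole = 1
            else if (is_smrole && $i == "--") after_sep = 1
            else if (is_smrole && after_sep && $i == "-P" && i < NF) {
                $(i + 1) = "********"   # never echo the secret into the report
                hit = 1
            }
        }
        if (hit) print NR ": " $0
    }'
}

# Constructed sample input: one command per line, as a history file might hold.
# Host, domain, role names and passwords are placeholders.
sample_history() {
    cat <<'EOF'
passwd -r files operadm
/usr/sadm/bin/smrole -D nis:/examplehost/example.domain -r primaryadm -l modify -- -n operadm -P
/usr/sadm/bin/smrole -D nis:/examplehost/example.domain -r primaryadm -l modify -- -n operadm -P Constructed-Pw1
smrole -D nis:/examplehost/example.domain -r primaryadm -l modify -- -P Constructed-Pw2 -n operadm
EOF
}

# Lines 3 and 4 are reported; line 2 uses the prompt and is not.
sample_history | flag_smrole_cli_passwords
```

To check a real history file, feed it to the function on standard input. Commands split across lines with a backslash must be joined first, because the function treats each input line as one command.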